Create a safe link for download


Postby Marc Venken » Mon Apr 03, 2017 1:47 pm

Hello,

I want to make an invoice overdue print where all invoices are located. One of my manufacturers also gives the possibility to download the invoice from the overdue mail.

So they have :

invoice  date      sum
58144    12/12/12  100.00  (The 58144 should be a link)
58210    21/12/12  200.00

I could make like this :

(No)http://www.maveco.be/pdf/58144.pdf
(no)http://www.maveco.be/pdf/58210.pdf

The link has to become more special, otherwise it could be possible that other customers could try to find invoices by changing the invoice in the http:// link.

The link in the manufacturer file looks like this :

(no)http://91.183.133.204:54321/944eb3d88d5d34fb34d1bee885efc5a601fd.pdf
(no)http://91.183.133.204:54321/b3ccbebf7cc8541e36a08905701138b7b9c0.pdf

This is much harder to try to find.

Is it typical HTML or a changed random filename created by FWH?

Also to be on the safe.

Marc
Marc Venken
Using: FWH 23.04 with Harbour
Marc Venken
 
Posts: 1355
Joined: Tue Jun 14, 2016 7:51 am
Location: Belgium

Re: Create a safe link for download

Postby Marc Venken » Mon Apr 03, 2017 2:09 pm

http://91.183.133.204:54321/944eb3d88d5 ... a601fd.pdf

Is this :54321 an extra port that they use?

Re: Create a safe link for download

Postby Carlos Mora » Mon Apr 03, 2017 2:21 pm

Marc,

I can't tell how Fivetech generates the filenames, but I think it is easy to find a way. It is not typical in any way, it is just security by making things harder to figure out, but IMHO it only creates a false sense of safety.
This procedure is the one I usually use to store passwords.
Given an invoice number, you can compute the MD5 to use as the name, using the HB_MD5 function. To make it safer, you can 'salt' the conversion, using other additional data to add to the original name, be it static or dynamic.

eg.
cInvoiceNo := '58144'
cSalt := 'Maveco.be' // this is up to you.
cFilename := HB_MD5( cInvoiceNo + cSalt ) // hex MD5 of invoice number + salt

With this, and if NOBODY knows the SALT, no one will guess the invoice number. If you know the SALT, it's easy to know the filename for a given invoice number.

The port is something you can change in an http server like apache or nginx, usually with LISTEN or a similar command, changing the standard port 80.

Hope it helps.
Saludos
Carlos Mora
http://harbouradvisor.blogspot.com/
StackOverflow http://stackoverflow.com/users/549761/carlos-mora
“If you think education is expensive, try ignorance”
Carlos Mora
 
Posts: 988
Joined: Thu Nov 24, 2005 3:01 pm
Location: Madrid, España
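
An added example, not part of the original posts and written in Python rather than Harbour: the same idea of deriving the file name from the invoice number, with the salt replaced by a random key that never leaves the server and MD5 replaced by HMAC-SHA256. `LINK_KEY`, `INVOICES`, `link_name` and `resolve` are hypothetical names, and the key is generated at import only so the example runs offline.

```python
import hashlib
import hmac
import secrets

# Assumption: one random 32-byte key, generated once and stored only on the
# server (generated at import here so the example runs offline).
LINK_KEY = secrets.token_bytes(32)

# Constructed sample data: the invoice numbers from the post.
INVOICES = ["58144", "58210"]


def link_name(invoice_no: str, key: bytes = LINK_KEY) -> str:
    """File name for an invoice: HMAC-SHA256(key, invoice number) in hex."""
    mac = hmac.new(key, invoice_no.encode("ascii"), hashlib.sha256)
    return mac.hexdigest() + ".pdf"


def resolve(requested: str, invoices=INVOICES, key: bytes = LINK_KEY):
    """Map a requested file name back to its invoice number, or None.

    Every candidate is compared in constant time, so response timing does
    not reveal how much of a guessed name was correct.
    """
    found = None
    for invoice_no in invoices:
        expected = link_name(invoice_no, key)
        if hmac.compare_digest(requested.encode(), expected.encode()):
            found = invoice_no
    return found


if __name__ == "__main__":
    for no in INVOICES:
        print(no, "->", "http://www.maveco.be/pdf/" + link_name(no))
    print("58144.pdf ->", resolve("58144.pdf"))
```

An unguessable name only hides the file; where invoices are sensitive, the download handler should also check that the requesting customer owns the invoice.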

Re: Create a safe link for download

Postby Marc Venken » Tue Apr 04, 2017 10:07 am

Thank You.

I will give it a try

Think this will do the trick.

